Introduction
I prepared a talk, aimed at non-security people working on building software such as developers and DevOps engineers. The aim was to introduce them to some key ways in which OWASP can help them level up their security knowledge and practices for either free or very cheap.
In this post, I am not going to reproduce the whole talk but I want to provide the structure and, most importantly the links in a more accessible way than a talk recording or slide deck.
Talk abstract
When it comes to security, we are all trying to figure out how to do more, in less time and less budget. OWASP, the Open Web (and) Application Security Project can bring you this and more.
However, with over 200 different projects and no easy way for someone outside the ecosystem to know where to start, some of the best resources might be the least known. In this talk, I will use my experience working with OWASP in a variety of areas to walk you through the key projects that can help you at different stages of your software security journey such as those noted above. I will also highlight the less obvious benefits that it offers you which could potentially save you time and money.
You will leave with ideas and tricks which you can immediately adopt in your day job to level up your security knowledge, impress your peers, and maybe have some fun along the way!
Talk structure
What is OWASP
Your first steps in OWASP…
- Chapters list
- Find meet-ups
- Twitter:
- Mastodon:
- OWASP’s Slack workpace
- Get an invite to OWASP’s Slack workpace
Some projects you should know…
Projects to start with
Projects to mature with
- OWASP Application Security Verification Standard
- Dependencies:
- WAF:
- OWASP DefectDojo
Projects to Watch
- OWASP DevSecOps Maturity Model
- OWASP Integration Standards
OWASP Membership (Benefits are shown at the bottom)
Josh Grossman - Application Security Specialist 